Apple shows it hasn't a clue about security

While Apple users suffer from a serious malware outbreak, Jobs’ Mob’s answer to the problem is to try to shut down the server of the security company that warned the world of the attack.

More than half a million Macs are infected with Flashback malware, caused by the fact that Jobs’ Mob could not be bothered updating some Java software and relied on peoples’ faith in Steve Jobs to protect them.

However, the problem reveals just how useless Apple is when it comes to working with the real world.

Apple’s first action was not to update the Java software, but to order the server of the Russian based security company which alerted the world to the problem, offline.

Boris Sharov, chief executive of the Moscow-based security Dr. Web says he learned Monday from the Russian Web registrar that Apple had requested the registrar shut down one of its domains.

Apple somewhat stupidly thought that the website was being used as a “command and control” server. It did not look at who owned the website and did not realise that the domain was one of three that Dr. Web has been using as a spoofed command and control server which acts as a “sinkhole.”

If it had a little more experience in dealing with the real world outside its reality distortion field it would have twigged.

Sharov said that Apple just had no idea how to work as a team player in tackling security. It just thought that it could wade in and order servers switched off and that would resolve its problems.

Sharov said that Apple told the registrar this [domain] is involved in a malicious scheme. However Dr Web was not controlling the sink-hole and it was not harming users. Apple just did not consider its work as a help, it was just annoying Jobs’ Mob, he said.

Apple’s attempt to shut down Dr Web’s monitoring server was an honest mistake, but was the downside of Jobs’ Mob’s secrecy.

When Dr. Web first contacted Apple to share its findings about the Mac-based botnet, it never replied. Dr Web gave them all the data it had and the only response was Apple’s demand that the monitoring server be shut down.

Locating and shutting down command and control servers is a typical practice for a company trying to cripple a botnet. Sharov said Dr Web has worked with Microsoft on those efforts.

But Apple will not even tell anyone about its antivirus group. It may not even have one. After all Apple insists that its software is so perfect that it can’t get Malware. The Flashback botnet has proven that the only reason that has not happened is because no one could be bothered writing code to hack into a Mac and steal a users’s Coldplay collection and photographs of themselves.

Sharov slammed Apple for its delay in issuing a patch for a security vulnerability in Java that allowed the Flashback malware to exist.